Hello Hacker!
TopTierConversions LTD is proud to announce its latest and greatest product launch: MD2PDF.
This easy-to-use utility converts markdown files to PDF and is totally secure! Right…?
This box in new and interesting for me. We have some PDF issues within my organization and i would like to have some evidence towards in an effort to prevent some malicious apps.
This box is looking for just a flag. So lets get to enumerating!
We have quite a bit that triggered in our nmap scan
Navigating to webpage (since 80 is open), we get a PDF converting tool
Also at :5000 we get another similar tool
running gobuster we get an immediate hit on /admin. Although that directory looks locked down
There is a hint towards our end goal here (localhost:5000)
From here we are going to create an iframe to call localhost:5000
Pressing convert and we retrieve our flag!
